A comment left here today by Mark Pitt very kindly pointed me to the Elgar- and/or Dorabella Cipher-related Sotheby’s Lot 92 from May 2016.

The lot contained a rather distressed (“binding broken, pages loose, wear and some damp-staining“) first edition copy of Dora Penny’s (1937) “Edward Elgar: Memories of a Variation”, apparently from Dora Penny’s own library (“D.M.P. 1937”, though by then the final ‘P’ stood for ‘Powell’, her married surname), along with various photographs of Elgar and his coterie all “captioned by Dora in blue ink”.

Oh, And A Micro-Cryptogram, Too

Also included was a small fragment written by Elgar, noting that he “wrote to [musical instrument dealer] Hill offering to purchase Gagliano [violin]”, on a ~5.5cm x ~7cm piece of paper that had “traces of mounting to verso”. This is what it looks like (image taken from Sotheby’s site):


The expected price was £600-£800, but the actual hammer price was £1750.

What seems to have raised the level of buyer interest was the presence of a single three-letter cryptogram repeated six times (though with the first time crossed out), with three of the instances preceded by a ‘£’ sign. Given that this is arguably the shortest cryptogram I’ve yet posted here, I thought it was well worth dubbing it a “micro-cryptogram”.

But… what could this be? And, most importantly, might we be able to crack it?

Ah, It’s Also In His Diary

Fortunately, Elgar historians and biographers got there first (after a fashion). For if you turn to p.158 of Jerrold Northrop Moore’s (1984) “Edward Elgar: A Creative Life”, you will discover that the same micro-cryptogram appears in his diary: “[56] Elgar’s diary entry [for buying the eighteenth-century Gagliano violin] follows the £-sign with three squiggled marks“. (Figuring that out took me all of thirty seconds, much of which was spent trying to unwedge the copy of “A Creative Life” from the back of the bookshelf it was sitting on.)

So it would seem that what was on sale at Sotheby’s contained something like pen-trials or rehearsals on a scrap of paper for the same three-glyph cryptogram he added to his diary. Moreover, if we could discover by other means what price the Elgars paid for the Gagliano violin in 1891, then it seems we would be able to solve the cryptogram.

However, having now spent significantly more than thirty seconds trying to determine this (with no success), all I can do is throw it open to you all. How many pounds did the Elgars pay for their Niccolò Gagliano violin in 1891? Find that out and you presumably will have solved possibly the shortest genuine historical cryptogram ever. 🙂

Absence of Provenance Is Not Evidence Of Providence

All the same, I have to say it seems odd to me that the (normally very thorough) Sotheby’s people failed to pick up on this connection with Elgar’s diary. The catalogue entry for the preceding Lot 91 was much more their normal style, with a rock-solid provenance (“From the collection of Edward Speyer, to whom Elgar gave these manuscripts“): unsurprisingly, that went for a handsome £72,500 (close to the middle of their estimated range).

So… what was the difference with Lot 92? What was its provenance? I can’t help wondering whether the “binding broken, pages loose, wear and some damp-staining” condition of Dora Penny’s own copy of her book might be trying to tell us something, along with all the photographs hand-annotated by her.

You see, there is one person who could very easily have been the source for this: Dora Penny herself (albeit indirectly).

When I tried to trace the history of the Dorabella Cipher itself a few years ago, I found that it had been part of a sizeable set of Dora Penny’s Elgar-related papers that had been presented to the Royal College of Music Library “by Mr and Mrs Claud Powell [in] 1986”. However, as an RCM archivist I talked with told me, several boxes of this Elgar material were somehow lost (possibly in Leeds?) while being transported to London, and that was the last that was seen of them.

What, then, are the chances that one or more of these cartons ended up in someone’s slightly damp garage for the next thirty years, and that this rather poor condition copy of the book is the first sight anyone has seen of these since 1986? Perhaps the seller didn’t want to be identified for that reason, in which case it could easily be why the lot was clearly marked as “sold not subject to return”, and without a hint of a flicker of a provenance.

Even So, Does It All Add Up?

Even if the above turns out to be the story behind this item, I have to say that the picture as a whole still doesn’t quite ring true to me.

Put simply, I would be a little surprised if Dora Penny had had reason to mount this poor scraggly piece of writing on her wall. After all, she had the Dorabella Cipher itself: this micro-cryptogram is surely very much its poor relation, as well as being unprepossessingly tiny.

Might it be that the person who owned this had had it mounted on his or her wall in their study, sitting next to the Dorabella Cipher itself? What an incredible story that would be! Well… something to think about, anyway. 🙂

Many angry arrows have been aimed in the direction of Cipher Mysteries of late (mostly by a single vociferous individual), asserting that it has got its moderation policy Just Plain Wrong.

Obviously, differences of opinion about what comments should be moderated in or out hardly amount to breaking news. But the reactive rhetoric attached to these attacks has recently reached a somewhat fevered pitch, where the blog posts being made about comment moderation had become much worse than the comments they were related to.

Best Practice for Bloggers?

As a result, I thought it was high time I trawled the web to see what, as of mid-2016, is considered best practice for bloggers. After all, knowledge is power, ain’t it?

“The Blogger’s Code of Conduct”

In 2007, Tim O’Reilly proposed a Blogger’s Code of Conduct, to try to promote civility online (specifically in blogs). The six points (which he also tried to connect to badges) were:

1. We take responsibility for our own words and for the comments we allow on our blog.
2. We won’t say anything online that we wouldn’t say in person.
3. We connect privately before we respond publicly.
4. When we believe someone is unfairly attacking another, we take action.
5. We do not allow anonymous comments.
6. We ignore the trolls.

For all the good ideas in there, O’Reilly was quick to recognize that he had severely underestimated the size of the issues. In practice, each of his six points has a huge number of weak spots:

1. moderating is full of edge cases (e.g. at what point does someone expressing a strong feeling about something actually become abusive? If someone doesn’t like a comment, does that mean that that comment is genuinely offensive or do they just not like to see opinions different to their own? So, to what notional person should any given comment be deemed offensive? etc etc) to the point that the notion of a single catch-all “responsibility” umbrella is woefully inadequate.

2. it is ridiculously easy for someone to cut and paste what you have written or commented or moderated and quote it out of context to deliberately distort what you said or allowed to be said. And (moreover) to say in person where? In a bar, in a church, at a football match? Given that context forms ~90% of communication, it’s almost impossible to write posts or comments that cannot be taken out of context and given a new, offensive meaning.

3. for a whole bundle of reasons, connecting privately first is something that almost never happens.

4. for a different (but very similar) bundle of reasons, it is extraordinarily rare for anyone to step forward to “take action”. Again, this almost never happens.

5. it is very hard to prevent anonymous commenting. Even tiny children are now indoctrinated never to disclose their real names or any information that might help identify them online: and from there it is the smallest of technical steps to full anonymity. It turns out that anonymity is less of a true/false condition than a spectrum of ‘anonymousness’ that is defined mainly by the cost of de-anonymizing that anonymity. So: how much time, effort and money should a moderator have to put in to determine what degree of anonymity a specific comment is employing?

6. trolls just like attention, and have many mechanisms for baiting people just below the threshold of not-OKness. At what point does a commenter become a troll? And anyway, according to whom are they a troll? And how can the people making that judgement tell that they are a troll? And what recourse can someone have if they are incorrectly accused of being a troll?

So it turns out that the main problem with O’Reilly’s proposal is that almost every aspect of blogging is a grey area, and that his approach for trying to make everything in the blogosphere OK is just too rigid and (as some critics put it) rather too corporate. He says that he’s more interested in promoting civility than in enforcing political correctness, but given the extraordinarily wide range of conversations and interactions that blog posts enable, imposing a single model upon them all seems destined never to work.

In my opinion, his heart was in the right place but he underestimated the scale and practical difficulties of the real-world problems by a factor of a hundred, to the point that his proposals weren’t fit for purpose.

Responsible Blogging

Numerous other angles have been proposed over the years. A post by Daniel Scocco proposed 10 Rules for Responsible Blogging, which I think are far more concerned with transparency and professionalism than ‘responsibility’ as such:

1. Check your facts
2. Respect Copyright Law
3. Consider the implications
4. Control the comments on your blog
5. Give credit where credit is due
6. Disclose professional relationships
7. Disclose sponsored posts
8. Be transparent with affiliate links
9. Respect Tax Law
10. Avoid “blackhat” methods

Of course, many of these issues are covered by actual legislation.

For example, according to this UK ethical blogging blog, the Office of Fair Trading would like everyone to understand that “The integrity of information published online is crucial so that people can make informed decisions on how to spend their money. We expect online advertising and marketing campaigns to be transparent so consumers can clearly tell when blogs, posts and microblogs have been published in return for payment or payment in kind. We expect this to include promotions for products and services as well as editorial content.”

But this is more of a legislative angle than anything else, and many of the interesting questions are more to do with blogging ethics.

Rebecca Blood’s “Weblog’s Ethics”

Rebecca Blood’s take on Weblog Ethics is a slightly more journalistic angle:

“1. Publish as fact only that which you believe to be true.”
“2. If material exists online, link to it when you reference it.”
“3. Publicly correct any misinformation.”
“4. Write each entry as if it could not be changed; add to, but do not rewrite or delete, any entry.”

“Post deliberately. If you invest each entry with intent, you will ensure your personal and professional integrity. […] History can be rewritten, but it cannot be undone. Changing or deleting words is possible on the Web, but possibility does not always make good policy. Think before you publish and stand behind what you write. If you later decide you were wrong about something, make a note of it and move on.”

“5. Disclose any conflict of interest.”
“6. Note questionable and biased sources.”

While Blood is solid on the foundations of positive blogging here, I think it’s fair to say that she doesn’t offer a very practical guide to the problematic issues of moderating and offence that caused O’Reilly’s proposal ship to hit so many rocks.

“A Bloggers’ Code of Ethics”

Even though it was clearly adapted from what was originally a journalism code of practice, there’s a lot to like about the Bloggers’ Code of Ethics, which came courtesy of CyberJournalist.net:

“1. Be Honest and Fair”
* Never plagiarize, but always identify and link to sources where practical.
* Ensure that what you write does not misrepresent, oversimplify or highlight incidents out of context.
* Never distort photos without disclosing what has been changed, and label all montages etc.
* Never publish information you know is inaccurate — and highlight doubt if publishing questionable information.
* “Distinguish between advocacy, commentary and factual information”, and don’t misrepresent fact or context.
* “Distinguish factual information and commentary from advertising” and shun anything blurring the boundaries.

“2. Minimize Harm”
* “Treat sources and subjects as human beings deserving of respect.”
* “Show compassion for those who may be affected adversely by Weblog content. Use special sensitivity when dealing with children and inexperienced sources or subjects.”
* “Be sensitive when seeking or using interviews or photographs of those affected by tragedy or grief.”
* “Recognize that gathering and reporting information may cause harm or discomfort. Pursuit of information is not a license for arrogance.”
* “Recognize that private people have a greater right to control information about themselves than do public officials and others who seek power, influence or attention. Only an overriding public need can justify intrusion into anyone’s privacy.”
* “Show good taste. Avoid pandering to lurid curiosity.”
* “Be cautious about identifying juvenile suspects, victims of sex crimes and criminal suspects before the formal filing of charges.”

“3. Be Accountable”
* “Admit mistakes and correct them promptly.”
* “Explain each Weblog’s mission and invite dialogue with the public over its content and the bloggers’ conduct.”
* “Disclose conflicts of interest, affiliations, activities and personal agendas.”
* “Deny favored treatment to advertisers and special interests and resist their pressure to influence content. When exceptions are made, disclose them fully to readers.”
* “Be wary of sources offering information for favors. When accepting such information, disclose the favors.”
* “Expose unethical practices of other bloggers.”
* “Abide by the same high standards to which you hold others.”

Is this approaching “Best Practice For Bloggers”? In many ways, it is, insofar as it points itself squarely at Honesty, Non-Harmfulness and Accountability, three things which are hard to disagree with. Yet at the same time, I have to say that it’s not really tackling the basics.

And there are some really big basics none of the above has managed to cover.

Irresponsible Blogging Practices

Most of the unethical blogging practices you’ll find described on the web are to do with not disclosing that certain blog content has been paid-for or sponsored in some way. Which is fair enough.

Yet there are many more blogging practices going on out there that I would consider acutely unethical. And having recently found myself on the receiving end of what I would consider a long string of them, I thought it might be helpful to compile a list:

1. Theft, Misrepresentation, and Libel
* Writing posts culled from posts and comments all over the web
* Never giving attribution or credit to your sources
* Constantly blurring the boundaries between truth, speculation, and outright fiction
* Never posting anything that can be easily separated out into truth, speculation, and outright fiction
* Exaggerating your website’s own importance and telling lies about other people’s websites
* Writing posts asserting that a particular individual who disagrees with you has a specific mental disorder, helpfully cutting and pasting sections of text from Wikipedia to help demonstrate the accuracy of that claim [Two people have done this to me in the last six months or so, with two very different disorders].
* Telling hateful lies about other people, but then quietly deleting those lies from the website “once they have served their purpose”.

2. Baiting, Deception, and False Closure
* Writing posts aimed squarely at an individual.
* Writing posts openly baiting a particular individual.
* Writing posts openly baiting a particular individual, waiting for them to comment, then completely changing the sense of the text in the post to try to present the commenter in a bad light.
* Responding to critical comments with a snarky, hostile, superior comment and then immediately closing comments on that post.
* Selectively editing (or often outright deleting) commenters’ comments to remove any sections that don’t happen to paint the blogger/moderator in a favourable light.
* Closing comments and then selectively editing the comments to remove any that are not favourable to the moderator.
* Claiming ‘victory’ in comments, then deleting any incoming comments that might run counter to that claim.
* Changing the title of posts to aim them (after the event) at individuals.
* Changing the title of baiting posts to pretend (after the event) that it wasn’t aimed at individuals.
* Putting up unbelievably hostile, libelous, bait-filled posts but then quietly deleting them if things get too hot.

3. Trolls, Stalkers, and Safe Havens
Sadly, you may recognize some or all of the following patterns of behaviour:
* If you leave a comment on my website that doesn’t accord 100% with my views, I will either delete your comment or post a hostile rebuttal comment specifically designed to piss you off
* If you disagree with me, you are a troll
* If you disagree with people whose blogs I admire, you are a troll
* If you use a proxy server, you are a troll
* If you sympathize with someone I don’t trust, you are a troll
* If I believe you are a troll, I feel justified in openly publishing your IP address(es) and your email address(es)
* If I believe you are a troll, I feel justified in saying anything I like to you, no matter how disgusting
* If you publish a comment on your website from people who don’t like me, they are trolls and you are a disgrace
* If you publish a comment about me from someone I have loudly pissed off on my blog, your website is nothing but a safe haven for trolls and you personally are a despicable, unethical pervert.
* If I think your website acts as a safe haven for trolls, I will denounce you as a despicable troll-lover to all the domain experts whom I know you rely upon: and I will make sure that those domain experts are so disgusted by your sympathy for such modern-day devils that they don’t return your emails or calls. But that’s not actually “libel”, because… I say so.

Oh, and if you honestly think I’m making any part of the above three sections up, you have no idea at all about the depths a few irresponsible people can – and do – plumb.

“Best Practice For Bloggers”, Really?

Tim O’Reilly’s idealistic-sounding proposal for more civility in the blogosphere seems a world away from my own experience of the last year (particularly during the last few months): Daniel Scocco’s “responsible blogging” barely touches on my concerns, while Rebecca Blood and CyberJournalist.net’s angles on blogging ethics seem to assume everyone out there is journalistically sparring according to a rather refined set of Marquis of Queensberry-style rules.

Clearly they’re not.

What people keep telling me to do when I yet again come up against what to me – and probably to almost all other bloggers, I believe – seems like unbelievably irresponsible and unethical blogging is to just ignore it. Turn the other cheek. Take no notice: walk away.


Step away from the burning firework factory, sir. Nothing to see. Even if the fireworks do happen to be vividly writing your name across the virtual sky.

But there’s something deeply unethical about saying and doing nothing. As the CyberJournalist.net says, all bloggers should have an ethical obligation to “expose unethical practices of other bloggers.”

And yet the behaviour I have encountered would be unrecognizable to almost all other bloggers. Does what I have had thrown at me even fall in the same category as blogging? Or is it something that has grown into a sustained campaign of intensely personal, bitter hatred, merely shaped into what superficially resembles blog form? [*]

For me, the best practice for bloggers isn’t anything so idealistic as the four accounts I referred to above: but rather to read the list of Irresponsible Blogging Practices above and make sure you never – ever, ever – do any of it whatsoever. For any reason.


[*] For the record, I don’t “loathe” or even “hate” the person who has been doing this. I just wish he would spend even 1% as much time facing himself in the mirror as he does trying to devise loathsome new ways to attack me.

…but what a pain in the neck moving a large blog from a single-site WordPress install to a WordPress multisite install is. 🙁 I started trying to count how many individual steps it took to get it all working again, but gave up around ninety (for what it’s worth, I’d guess the final figure was closer to 150). Astonishing (and not in any good sense of the word).

Anyway, even though I *think* I’ve got everything basically working again, please use this page to let me know if you find anything broken. Which is entirely possible, unfortunately. Thanks!

What is an Internet troll?


To me, an Internet troll is anyone who puts up posts, pages, or comments (a) unsupported by evidence, (b) openly hateful, and (c) specifically designed to generate an emotional response in a small subset of readers (often a specific individual). Hence the three central pillars of trolldom are: fake, hate, and bait.

Unfortunately, from the point of view of a comment moderator, the “fake” part of this trio is very hard (and extraordinarily time-consuming) to judge, given that roughly 90% of what gets posted on the Internet is already fake, imagined, or outright misinterpreted.

As a result of this, all I can reasonably do (as a moderator) is try to reduce the “hate” and “bait” parts. And goodness knows there’s plenty of both of those about as well.

This policy is just about as good as it gets for a blog that has already had 13,000 or so visitor comments to moderate and for a blog moderator who has just a single lifetime in which to moderate those comments.

Moderation Policy

Hateful: if (in my judgement) a comment is openly abusive and/or hateful, I moderate it out, full stop.

Sexism: I include sexist and homophobic comments in the category of “hateful”.

Racism: I include racist comments in the category of “hateful”.

Religion: I include anti-religious comments in the category of “hateful”.

Swearing: note that I tend to replace blasphemies (particularly multiply-strung-together blasphemies) with “[swear]” or similar, mainly to send a signal to the commenter about the futility of swearing.

Response Policy

In the unlikely case that you (the reader) think I have moderated / allowed a comment that is abusive and/or hateful, please email a link to it to me (nickpelling at nickpelling dot com) straight away, and I will – almost always – remove that comment. However, what I will definitely not do is what Pete Bowes recently suggested on his site:

If you (Pelling) would take the trouble to research your own site and collect the IP addresses of the trolls who collected every time Xlamb made a contribution to one of your threads I would be in a position to match them with the IP addresses of the abusers who have threatened me (online) and those who threatened Xlamb through the email system.

What is wrong with this? Simply that individuals such as Pete Bowes are neither the Internet police nor even Chuck Norris: the task of cross-referencing IP addresses should always fall to the police, not to individual online vigilantes.

So once you have opened a case with your local police force, please email me the case reference the police give you and I will happily pass on IP addresses, dates and any other details I have relating to that/those commenter(s) directly to them.

The “Devil’s Handwriting” cipher first appeared in 1539, reproduced in a book by Teseo Ambrogio Albonesi: and, of course, nobody has yet managed to read even a word of it.

But for a short time in the mid-17th Century, oddly enough, it became hugely famous when a copy of Albonesi’s book held by Queen’s College was proudly shown to the newly-Restored Charles II (along with the Queen and the Duke and Duchess of York) on a visit to Oxford on Michaelmas Day 1663. It was the talk of court; and the matter of a small bribe to persuade someone to bring the book out on display became a necessary evil for tourists working their way around Oxford’s wondrous historical sights.

The Devil’s Handwriting then found use as a kind of cipher mystery meme: that is, in much the same way that netizens now occasionally use the Voynich Manuscript as a handy metaphoric brick to virtually lob at things they deem incomprehensible, a 1674 poem by Thomas Flatman uses the Devil’s Handwriting to disparage the allegedly impenetrable poetry of Sam Austin of Wadham College:

“We with our fingers may your Verses scan,
But all our Noddles understand them can
No more, than read that dungfork, pothook hand
That in Queen’s Colledge Library does stand.”

[And in fact in 1743, Johann Christian Götze (describing Albonesi’s book) used almost exactly the same phrase to describe the shape of the Devil’s Handwriting’s letters: Mist-Gabeln. Nice.]

Another Oxonian poem (this time from 1746) celebrates rather than execrates the cryptogram:

A dark, oracular, mysterious scrawl:
Uncouth, occult, unknown to ancient Greece,
The Persian Magi, or the wise Chinese.
Nor runic this, nor Coptic does appear;
No, ’tis the diabolic character.

All in all, I think it fair to say that, circa 1665, while the Voynich Manuscript was still on its way to Athanasius Kircher’s to begin a multi-century sleep in Jesuit trunks, the most famous cipher mystery in the world was actually… the Devil’s Handwriting. Just so you know.

PS: I’ve added a page to the Cipher Foundation website containing all the above references to the Devils’ Handwriting.

Les Hewitt’s article The Voice of Vrillon pointed me to something I just had to share.

At 5.10pm on Saturday 26th November 1977, a Southern News TV segment on Rhodesia was hacked live: its audio track (of newscaster Andrew Gardner) was overlaid by a 5-minute message from “Vrillon, representative of the Ashtar Galactic Command”. Once complete, the audio then phased back in time for the start of “Falling Hare with Bugs Bunny”, a Merrie Melodies cartoon.

Nobody has since admitted to being ‘Vrillon’: which is perhaps a bit of a shame, because he/she did a pretty good job of overriding the FM signal (probably, as was pointed out at the time, in the immediate vicinity of the Huntingdon transmitter).

Hewitt also mentions a second pair of TV hacks that took place in Chicago a decade later (in 1987), the second (much longer one) interrupting an episode of Doctor Who. So if you don’t want to see someone in a “Max Headroom” mask singing badly and then having his mooning arse lightly spanked by someone in a French maid’s outfit with a flyswatter, please look away now:

Again, nobody knows who carried this out, but the incident has its own boring Wikipedia page. No flies were harmed in the making of this hack. Which is nice.

On Roald Dahl Day 2013

Raise a toast to that Roaldest of Dahls
Whichever world language tu pahl
His witches and twits
And chocolate-based skits
Delight children from here to Nepahl

Lift your glass to that Roaldest of Dahls
Whatever your lodge or cabahl
Read his books and you’ll learn
That his twists and his turns
Are intriguing and never banahl!

Nick Pelling

Several years ago, I noted here a long-standing story about a 1926 Budapest waiter who (allegedly) killed himself, leaving a suicide note in the form of a crossword. I wondered whether it was an urban legend, or (if it were to prove to be true) whether the crossword might have been printed in a newspaper of the day. But with only a few words of tourist Hungarian to work with, I didn’t really stand a chance in the Hungarian archives.

Well, now Hungarian urban legend-hunter Marinov Iván has eagerly grabbed the baton, and hurdled his way along miles of microfilm in the newspaper archives in search of the truth. As a result, his Hungarian urban legend blog today revealed that this was indeed a real story. According to the 4th March 1926 edition of Az Est, what happened was this (forgive my rough and ready translation / paraphrasing)…


Just after (?) midnight, a man had come into the well-known Emke kávéház [Café Emke] near the corner of Rákóczi út [Rákóczi Way] and Erzsébet körút [Elizabeth Boulevard]. After having a coffee, he repeatedly tried to call a number using the cafe’s telephone, but without success. About an hour later, the Emke’s cloakroom attendant heard a bang from a toilet: and when she opened the door, she heard a second bang. Inside, she found a young man lying on the floor with a pistol in his hand, and with blood gushing from his head and chest.


Once the ambulance and police arrived, the man’s identity was found to be Antal Gyula [Julius Anthony] of Csengery utca 3 [#3 Csengery Street]. In his pocket there was [- indeed! -] a suicide note containing a crossword. It subsequently turned out that he had lived in “misery and unemployment” for some time, and had been evicted from his apartment at the start of the month, having failed to pay his rent. But as far as his note went, the Est article concluded “A bonyolult keresztrejtvényt azonban eddig még nem sikerült megfejteni“, which I read as “the complexity of the crossword means that it has not yet been deciphered“.


So… what happened next? Iván followed up by looking in lots of other Hungarian newspapers from that year, but they all reported essentially the same bare facts, with only the Pest Newsletter adding that the man was 25 years old, and that the riddle had been “taken to police committee headquarters”. He speculates that it might have received more coverage had the man’s job been of higher status than a waiter: sadly, Budapest has long been (and remains to the present day, I believe) a suicide ‘hotspot’, so many other pages of those same newspapers would have contained stories of the same tragic ilk.

Ultimately, Iván failed to find any further references to the story in the newspaper archives, and so it is there that he stopped. Perhaps someone else will now pick up this baton and carry it yet further… perhaps we shall yet get to see Antal’s infamous (but tragically real) crossword!

PS: an Internet search revealed an evocative description of Café Emke in December 1945 in Sándor Márai’s autobiographical “Memoir of Hungary (1944-1948)” (pp.198-205).

As quite a few of you already know (because you emailed to tell me, thanks!) Cipher Mysteries’ WordPress hosting got hacked again. Unfortunately by the time I’d downloaded the access logs from the server (the next day), all the nasty activity was too far back in the buffer to see exactly where it came from. Next time I’ll try to remember to be quicker!

I first had a look around with the Cpanel File Manager, as I initially expected the attack to have originated from a compromised file in the file system. I did find a backdoor php file inserted into ./wp-content/uploads, which from the file date was probably left there by the previous (Bangladeshi) hacker: but nothing else, which was a bit strange. So I reinstalled WordPress 3.5.1, fired it up, and… it was still hacked.

Appallingly, it turned out that the hacker had managed – despite my firewall & security plugins – to change some fields in the local database itself. Basically, he (I’ll call him “him”, for I’ve read that hacking is a largely male subculture) changed three entries in the WordPress wp_options table:

1. blog_charset (which he changed from “UTF-8” to “UTF-7”)
2. blogname (which he overwrote with a load of script kiddie stuff)
3. widget_text (which was filled with a load of escaped script kiddie stuff)

The most irritating hack was #3, as I could tell it was in JavaScript (hint: disable JavaScript and the problem disappeared) but couldn’t see what file had been changed. And in fact none had, because the script was inserted into a field in the database.

The most interesting hack was #1, because it wasn’t at all obvious to me why changing the charset to UTF-7 would be of benefit. But it turns out that this is a longstanding way of attacking databases (which expect UTF-8, and can be vulnerable to carefully crafted UTF-7 strings causing mySQL to do unexpected things). Here’s a page mentioning this weakness. Just so you know, IE9 doesn’t seem to support UTF-7 satisfactorily, which also had me confused for a while. *sigh*

The hacker may also have made other changes to the database, but I don’t know of any way to see a history of recent mySQL accesses from within WordPress… now there’s an idea for a forensic plugin that would be really useful. Or a Cpanel add-on. Or something.
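One way to catch exactly this kind of tampering, as an added example that is not from the original post or from WordPress itself: it audits the wp_options rows the post names (blog_charset, blogname, widget_text) against a known-good baseline and against script-like content, and generalises the baseline idea to other options a tamperer also likes to touch (siteurl, home). The table contents, the site name, the example.invalid URL and the injected values are all constructed for the demo, with SQLite standing in for MySQL so it runs offline.

```python
"""Audit a WordPress wp_options table for tampered rows.

Constructed example: an in-memory SQLite copy of wp_options stands in for
MySQL so this runs offline. Against a live site you would run the same SQL
through a MySQL connector instead.
"""
import re
import sqlite3

# Values that must never change unless the site owner changed them.
# Assumed baseline for a hypothetical site; take yours from a known-good backup.
BASELINE = {
    "blog_charset": "UTF-8",
    "blogname": "Cipher Mysteries",
    "siteurl": "https://example.invalid",
    "home": "https://example.invalid",
}

# Options in which HTML or script content is never legitimate.
SCRIPT_FREE_OPTIONS = {"blogname", "blogdescription", "widget_text", "siteurl", "home"}

# Markers of injected script: literal tags/handlers, JS or PHP escapes of "<",
# and UTF-7 encoded angle brackets ("+ADw-" is "<", "+AD4-" is ">" in UTF-7),
# which a browser only treats as markup when the page is served as UTF-7.
SUSPICIOUS = re.compile(
    r"<\s*script|javascript:|on\w+\s*=|\\u003c|\\x3c|\+ADw-|\+AD4-",
    re.IGNORECASE,
)


def load_sample_table() -> sqlite3.Connection:
    """Build an in-memory wp_options containing the three tampered rows (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY, "
        "option_name TEXT UNIQUE, option_value TEXT, autoload TEXT)"
    )
    rows = [
        ("siteurl", "https://example.invalid", "yes"),
        ("home", "https://example.invalid", "yes"),
        ("blogdescription", "Cipher mysteries and history", "yes"),
        # the three changes the post describes
        ("blog_charset", "UTF-7", "yes"),
        ("blogname", "HACKED BY someone <script>alert(1)</script>", "yes"),
        # widget_text is a PHP-serialised array; the payload sits escaped inside it
        ("widget_text", 'a:1:{i:2;a:2:{s:5:"title";s:0:"";s:4:"text";'
                        's:30:"\\x3cscript src=//x.invalid\\x3e";}}', "yes"),
    ]
    conn.executemany(
        "INSERT INTO wp_options (option_name, option_value, autoload) VALUES (?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def audit_options(conn: sqlite3.Connection) -> list:
    """Return (option_name, finding, value) for every row that looks tampered.

    Check 1: rows in BASELINE must equal the known-good value exactly.
    Check 2: rows in SCRIPT_FREE_OPTIONS must not match SUSPICIOUS.
    """
    names = sorted(SCRIPT_FREE_OPTIONS | set(BASELINE))
    placeholders = ",".join("?" * len(names))
    cur = conn.execute(
        f"SELECT option_name, option_value FROM wp_options "
        f"WHERE option_name IN ({placeholders}) ORDER BY option_name",
        names,
    )
    findings = []
    for name, value in cur:
        if name in BASELINE and value != BASELINE[name]:
            findings.append((name, "differs from baseline", value))
        if name in SCRIPT_FREE_OPTIONS and SUSPICIOUS.search(value):
            findings.append((name, "contains script-like content", value))
    return findings


def restore_baseline(conn: sqlite3.Connection, findings: list) -> list:
    """Reset every baseline option that drifted; return the names reset.

    Rows flagged only for script content (e.g. widget_text) are deliberately not
    auto-fixed: their legitimate value is site-specific, so restore those from backup.
    """
    reset = []
    for name, finding, _ in findings:
        if finding == "differs from baseline":
            conn.execute("UPDATE wp_options SET option_value = ? WHERE option_name = ?",
                         (BASELINE[name], name))
            reset.append(name)
    conn.commit()
    return reset


if __name__ == "__main__":
    db = load_sample_table()
    for name, finding, value in audit_options(db):
        print(f"{name:14} {finding}: {value[:60]!r}")
    print("reset:", restore_baseline(db, audit_options(db)))
    print("still needs manual review:", [f[0] for f in audit_options(db)])
```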

How did the hacker get in? My guess is by exploiting a just-after-zero-day vulnerability in WordPress 3.5.0, as I hadn’t quite got round to upgrading to 3.5.1, what with work and real life inevitably getting in the way.

Unfortunately, I have no real faith that I’ve solved the problem. Chances are another vulnerability will open up before very long and we’ll go through the same rubbishy process all over again. C’est la vie (du blogging).